
Please add the following claims 54-58: 



54. A secure network having a plurality of host computers accessible to users and 
interconnected with a non-secure communication medium such as the Internet, the secure network 
comprising: 

a network security controller for enabling a security officer to generate at least one 
user profile for each user, each user profile defining at least one destination which the user is 
authorized to access; and, 

security devices connected with said host computers for receiving the user profiles 
generated at the network security controller, each security device associated with one host computer, 
each security device having an authorization device for authorizing users at the associated host 
computer, the security device permitting the authorized user, via the associated host computer, to 
select a user's profile associated with the user and for restricting access of the host computer to the 
at least one destination defined in the selected user's profile, and wherein each security device 
includes a communication control system to control access of the host computer to the 
communication medium, said communication control system including a data storage device for 
storing data provided by said host computer in a memory space, and for transferring data out of said 
memory space while making the transferred data inaccessible to said host computer. 



55. A security device for a multi-level secure network implementing security at a network 
layer (layer 3) of protocol hierarchy having a plurality of host computers accessible to users for 
communication over a computer network medium, said security device locatable between said host 
computer and the network medium, wherein said security device comprises a network interface for 
connecting said security device to the network medium, and a port for connecting said security 
device to said host computer and further comprising a memory device connected with said port for 
storing data provided from said host computer in a memory space, and means for switching said data 
out of said memory space while making said switched data inaccessible to said host computer, thus 
controlling the pass-through of data between said host computer and the network medium. 

56. A security device for a multi-level secure network implementing security at a network 
layer (layer 3) of protocol hierarchy having a plurality of host computers accessible to users and 
connected to a computer network medium, said security device connectable between at least one host 
computer bus and the network medium, said security device comprising 

a local bus, a local RAM, and a local processor; 

a network interface for connecting said local bus to the computer network medium 
and including a network processing means for transferring information between said local RAM and 
said network medium; 

a communication separation means for connection between said local bus and said 
host bus and for preventing direct pass-through of information between said host bus and said local 
bus and for preventing direct access between said host bus and said local RAM, said communication 
separation means including a memory device for storing information provided over said host bus in 
a memory space, a first port interconnecting said host bus and said memory device, and a second port 
interconnecting said local bus and said memory device, said information transferable from said 
memory space to said local bus while making the transferred information inaccessible to said host 
bus; 

wherein said local processor processes information to be transferred between said host 
bus and said network medium in accordance with a predetermined security policy to determine 
whether communication between a host computer and the network medium is authorized, said local 
processor including means for accessing host bus information from said memory space and 
transferring said information to said local bus. 

57. The security device of claim 56 wherein said local processor processes said host bus 
information in accordance with said predetermined security policy, transfers the processed host bus 
information to said local RAM for access by said network processing means, accesses network 
medium information placed in said local RAM by said network processing means, processes said 
network medium information in accordance with said security policy, and transfers the processed 
network medium information to said communication separation means for access by said host bus. 

58. A security device for connecting a host computer from a host bus to a computer- 
accessible network, the security device comprising a local bus, a network interface for connecting 
said local bus to the computer-accessible network, and a communication separation and control 
system for connection between said local bus and said host bus, said communication separation and 
control system including a first port coupled to said host bus, a second port coupled to said local bus, 
and a signal storage device interconnecting said first and second ports, said signal storage device 
storing signals provided over said host bus in a host bus memory space and over said local bus in 
a local bus memory space, wherein said signals are transferable between said host bus memory space 
and said local bus memory space with said switched signals from said host bus memory space being 
invisible to said host bus after being switched to said local bus memory space, said communication 
separation and control system preventing pass-through of signals between said host bus and said 
computer-accessible network without transitory storage in said signal storage device, and further 
comprising security device processing means for controlling the transfer of signals out of said local 
bus memory space of said signal storage device. 